Blog Img

What does the GDPR mean for General Insurance?

Back to Blogs

Here's what you need to know to prepare.

The General Insurance industry is about to experience a shake-up. On 25th May 2018, the GDPR, or General Data Protection Regulation, will come into force across the UK and all of the EU’s 28 member states, transforming the way in which the industry is regulated. Created to help empower individuals to take control of their personal data, and regulate how businesses use that data, the GDPR has huge ramifications for the world of General Insurance.

General Insurance is one of the UK’s biggest sectors: the largest market in Europe, and the fourth largest in the world, it manages investments of over £1.7tn and contributes £12bn in taxes every year. However, given that the passing of the GDPR requires firms to change the way in which they do business, there’s a new future for businesses to adapt to: one in which data privacy and the rights of the customer are paramount. 

Given that the latest research by Ecclesiastical has shown that 59% of Brokers don’t know enough about the upcoming GDPR legislation- and 70% think it won’t benefit their business- it’s time to take a look at how these incoming regulations will affect the industry.

What does it mean?

At its most basic, the GDPR aims to transform the way in which companies handle their information. Companies are now held accountable for the data they collect from customers, and the way it is processed: now, companies need to know what their core sources of data are, where data is stored and who has access to it, in order to better manage the risks of keeping that data secure. They are also now prohibited from collecting any more data from their customers than is strictly necessary for the processes they have identified- and these regulations will be strictly enforced by fines that can tally up to four percent of a company’s annual profits.

For companies looking to keep ahead of the curve, it makes sense to start modernising your data infrastructure to keep up with the rapid changes demanded of the GDPR. This should include a thorough audit of all data, and of the customer data that you hold: this will not only allow you to meet the demands of GDPR regulations, but will also maximise the value of your data assets through more efficient profiling and processing- especially as the use of big data to profile customers is still permitted. 

2022 Salary Guides - Download Now


Data transparency

The idea of consent is also set to dominate discussion over GDPR in coming months. Under the new legislation, individuals need to give permission for their data to be stored and processed- mostly by signalling their agreement via devices like clearly marked check boxes. Under the GDPR, this consent has to be asked for every time a customer inputs their data. In a market where insurers are already competing to attract and retain new customers, capitalising on the idea of consent is vital if companies want to build a culture of trust between themselves and their client, especially when it comes to using and profiling customer data

Indeed, in the new insurance market, transparency is key, and the GDPR will bring in a slew of new regulations aimed at giving power to the consumer, which will likely have a huge impact on insurers. Encompassing the ‘right to be forgotten’- which gives customers the ability to request that their personal information be wiped from all company databases- the GDPR also gives consumers the right to ‘data portability’, which recognises the customer’s ownership of their personal data and the ability to transfer it to another insurance company should they decide to make a change. 

However, the picture is slightly murkier when it comes to dealing with insurance prospects.92% of companies use databases to store information on both customers and prospects, but given that prospect data tends to include much more personal information than that on clients, insurance Brokers need to be aware of the importance of regulating and storing that data. Even if a prospect isn’t a client, if they’ve given you their data then it needs to be stored and regulated properly- though, of course, any information that can easily be found online is yours to do with as you want. 

This has its benefits, too: by cleansing and updating your prospect data, you’ll not only be GDPR-compliant, but the data that you have will be better quality, and can be relied on more heavily. Though you might lose some prospects, the data you have will allow for better Business Development- and on the whole that’s an opportunity well worth taking advantage of. 

Cyber security

In a sector where only 43% of insurance CEOs say that their organisation is fully prepared for a cybercrime attack, the GDPR’s emphasis on data security is paving the way for insurers to better deal with cyber security. Many insurance companies are being encouraged to invest in new, up-to-date security systems that will minimise the danger of leaks. Indeed, such is the GDPR’s focus on cybersecurity that it will soon become law for most large businesses to adopt a Data Protection Officer to oversee their operations and report any breaches in data. 

Some companies have also started to consider training their staff in data purpose limitations, and help them to develop the right data behaviours: to minimise risk, these safety practices need to become ingrained in any financial company’s culture. This increased focus on security makes good marketing sense, too: data protection is quickly becoming a market differentiator amongst customers, who are becoming more likely than ever to choose companies they can trust with their personal data.

A positive impact

With the enforcement of the GDPR will come a sea change in the way that General Insurance firms do business and many of these changes will make for a positive impact on the industry. The increased transparency championed by these new regulations will result in higher levels of customer trust, as well as a healthier customer-client relationship- and new regulations will enforce higher levels of data security, thus reducing the risk of cybercrime in turn. For those insurance companies looking to stay ahead of the curve, investing time and effort into building a solid GDPR strategy will pay off in multiple ways come May.

Change is coming: make sure you’re ahead of it.

At IDEX Consulting, we pride ourselves on staying up to date with the changing market so we can bring you the latest insights into how to thrive within it.